Analysis

Category FILE
Started On 2014-07-16 03:26:58
Completed On 2014-07-16 03:28:58
Duration 120 seconds
Cuckoo Version 1.2-dev

Machine

Machine machine3
Label winxpmacine3
Manager VirtualBox
Started On 2014-07-16 03:26:58
Shutdown On 2014-07-16 03:28:57

File Details

File name order_report_87438753479534789573498.exe
File size 51442 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 EBAEC606
MD5 f637a73edd103480cf15a1023e839a0b
SHA1 9b398010e42bed7d33ca8b95de66689b8c2cc3e6
SHA256 3e83bd14e79b9c062114d55386973cc3348f88b6d047b0ed8ed45d6e22b2bf79
SHA512 438b54f463022560cb5ca26b1d3fd491e678c2928b4f8b4fcf476652ae6a49e81f0f2b64a1f91d489935bf4b76e40744b26bd1b2f1cbf269eead1156d8a88d8d
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\WINDOWS\system32\scrrun.dll
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\order_report_87438753479534789573498.exe
  • C:\WINDOWS\WINHELP.INI
  • C:\
Mutexes

Nothing to display.

Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • HKEY_CLASSES_ROOT\Scripting.FileSystemObject
  • HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID
  • CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\TreatAs
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServerX86
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\LocalServer32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocHandler32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocHandlerX86
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\TreatAs
  • HKEY_CLASSES_ROOT\TypeLib
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

order_report_87438753479534789573498.exe PID: 440, Parent PID: 236

order_report_87438753479534789573498.exe PID: 488, Parent PID: 440

Volatility

Nothing to display.